
Re: Tor server for port 443



    On Wed, 21 May 2008 12:04:30 +0100 Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>
wrote:
>Scott Bennett wrote:
>
>>> The standardised port for SMTP submission is 587. See 
>>> http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol specifically 
>>> "Although some servers support port 465 for legacy secure SMTP in 
>>> violation of the specifications"
>> 
>>      Huh.  Guess I'll have to look it up somewhere official then.  (Wikipedia
>> is not authoritative, even if it may well have it right.)  I was going on
>> what it said in /etc/services on my FreeBSD 6.3 system, which is also not
>> authoritative by any means, but still ought to have been correct.  I checked
>> again, this time for 587, and it is listed as the service called "submission".
>> I had no idea that that referred to any service having anything to do with
>> email of any kind.  That prompted me to check the Solaris 5.8 system that I
>> use for email.  Its /etc/services doesn't list 465 at all, but also lists
>> 587 as "submission".
>
>http://www.iana.org/assignments/port-numbers

     Thank you for that URL.  I've looked at it now and have bookmarked it.
>
>The port 465 issue became particularly important recently when IANA 
>actually assigned it for a real use. Previously it was an unassigned 
>port that was hijacked by Microsoft for Outlook.
>
>>> However, gmail do actually support both 587 with TLS *and* 465 with SSL 
>>> on connect, on smtp.gmail.com.
>>      Okay.  I'll check into it and may end up adding 587 to my allowed exits.
>> Thanks for the tip.
>
>While port 587 is the official standard port for email submission, it 
>doesn't *require* the usage of SSL. GMail does however have this 
>requirement.
>
>Also, I'd still personally prefer to use port 465 over port 587 for mail 
>submission when both are available, purely because when using port 465 
>you negotiate SSL immediately, whilst with port 587 there is some plain 
>text negotiation first which *could* accidentally leak identifying 
>information such as your hostname in the EHLO, to the Exit node.
>
     Now, if we keep 25 blocked, are we risking undoing the benefit from that
blockage by unblocking 587?  It turns out that I was rejecting exits for
port 465 and 587, so now I'm wondering whether it might be a Bad Thing to
accept exits to 587.  Also, the new allocation of 465 is for urd (URL
Rendezvous Directory for SSM).  Offhand, I don't know what SSM may be nor
whether accepting exits for this service would be okay.



                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
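
The plain-text phase on port 587 that the quoted reply describes, shown as an added example that is not part of the original message: a loopback listener stands in for whatever sits on the path before STARTTLS and records what the client sends in the clear. The hostnames and the `capture_pre_tls_lines` helper are constructed for illustration.

```python
import smtplib
import socket
import threading


def capture_pre_tls_lines(client_hostname):
    """Run one 587-style session against a loopback listener and return
    (client lines seen in plain text, whether STARTTLS was advertised)."""
    seen = []
    srv = socket.create_server(("127.0.0.1", 0))  # ephemeral port, offline
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 mx.example.test ESMTP\r\n")  # constructed banner
            f.flush()
            for raw in f:
                line = raw.decode("ascii", "replace").strip()
                seen.append(line)  # everything here is pre-TLS plain text
                verb = line.split(" ", 1)[0].upper()
                if verb == "EHLO":
                    f.write(b"250-mx.example.test\r\n250 STARTTLS\r\n")
                elif verb == "QUIT":
                    f.write(b"221 bye\r\n")
                    f.flush()
                    break
                else:
                    f.write(b"502 not implemented\r\n")
                f.flush()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    # local_hostname is what smtplib puts in EHLO; if it is left unset,
    # smtplib derives it from the machine's own FQDN.
    client = smtplib.SMTP("127.0.0.1", port,
                          local_hostname=client_hostname, timeout=5)
    client.ehlo()
    offers_tls = client.has_extn("starttls")
    client.quit()
    t.join(5)
    srv.close()
    return seen, offers_tls


if __name__ == "__main__":
    # Constructed hostnames: an identifying one, then a neutral one.
    for name in ("alice-laptop.corp.example", "localhost.localdomain"):
        print(capture_pre_tls_lines(name))
```

With implicit TLS on port 465 (`smtplib.SMTP_SSL`) the same EHLO is sent only after the TLS handshake, so a relay in the path sees none of these lines.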